Amendments to the Claims

Claim 1 (currently amended): A computer program product for enabling a subsequent user sign-on during a certificate-based host access session, said computer program product embodied on a computer-readable medium and comprising:

computer-readable program code means for processing a first sign-on during a secure session using a digital certificate, further comprising:

computer-readable program code means for establishing said secure session from a client machine to a server machine using said digital certificate, wherein said digital certificate represents an identity of said client machine or a user thereof;

computer-readable program code means for storing said digital certificate or a reference thereto at said server machine;

computer-readable program code means for establishing a session from said server machine to a host system using a legacy host communication protocol, responsive to receiving, at said server machine, a first sign-on request from said client machine, wherein said first sign-on request identifies a first secure legacy host application to which said first sign-on is requested;

computer-readable program code means for passing said stored digital certificate or said reference from said server machine to a host access security system;

computer-readable program code means, operable in said host access security system, for authenticating said identity using said passed digital certificate or a retrieved certificate which is retrieved using said reference;

computer-readable program code means, operable in said host access security system, for using said passed or retrieved digital certificate to locate access credentials for said user;

computer-readable program code means, operable in said host access security system, for accessing a stored password or generating a password substitute representing said located credentials;

computer-readable program code means, operable in said host access security system, for returning said stored password or generated password substitute to said server machine, along with a first user identifier corresponding to said located credentials;

computer-readable program code means, operable in said server machine, for receiving a first sign-on message from said client machine wherein said first sign-on message uses placeholder syntax, said placeholder syntax representing a user identification and a password of said user, wherein said user identification and said password are expected in said first sign-on message by said first secure legacy host application; and

computer-readable program code means, operable in said server machine, for using said returned password or password substitute and said returned first user identifier to transparently complete said first sign-on, on behalf of said user of said client machine, to said first secure legacy host application executing at said host system by substituting said returned first user identifier and said returned password or password substitute for said placeholder syntax in said first sign-on message, thereby creating a revised first sign-on message, and forwarding said revised first sign-on message from said server machine to said first secure legacy host application; and

computer-readable program code means for processing a subsequent sign-on of said user during said secure session using said digital certificate, further comprising:

computer-readable program code means for receiving a subsequent sign-on request, at said server machine from said client machine, wherein: (1) said subsequent sign-on request identifies a second secure legacy host application to which said subsequent sign-on is requested; (2) said subsequent sign-on requires authenticating a requester of said subsequent sign-on; (3) said second secure legacy host application may be identical to said first secure legacy host application; and (4) said requester of said subsequent sign-on is said user;

computer-readable program code means, operable at said server machine, for retrieving said stored digital certificate or reference;

computer-readable program code means for passing said retrieved digital certificate or reference from said server machine to said host access security system;

computer-readable program code means, operable in said host access security system, for re-authenticating said identity of said user, thereby authenticating said requester, using said passed retrieved digital certificate or retrieved reference;

computer-readable program code means, operable in said host access security system, for using said passed retrieved digital certificate or retrieved reference to [[again]] re-locate said access credentials for said user;

computer-readable program code means, operable in said host access security system, for re-accessing said stored password or generating a new password substitute representing said re-located credentials;

computer-readable program code means, operable in said host access security system, for returning said re-accessed stored password or generated new password substitute to said server machine, along with said user identifier corresponding to said re-located credentials; and

computer-readable program code means, operable in said server machine, for using said returned re-accessed password or new password substitute and said returned user identifier corresponding to said re-located credentials to transparently complete said subsequent sign-on, on behalf of said requester, to said second secure legacy host application executing at said host system.

Claim 2 (currently amended): The computer program product as claimed in Claim 1, wherein said digital certificate and said second digital certificate are is an X.509 certificate certificates and said digital certificate reference is a reference to an X.509 certificate.

Claim 3 (original): The computer program product as claimed in Claim 1, wherein said communication protocol is a 3270 emulation protocol.

Claim 4 (original): The computer program product as claimed in Claim 1, wherein said communication protocol is a 5250 emulation protocol.

Claim 5 (original): The computer program product as claimed in Claim 1, wherein said communication protocol is a Virtual Terminal protocol.

Claim 6 (original): The computer program product as claimed in Claim 3, wherein said host access security system is a Resource Access Control Facility (RACF) system.

Claim 7 (original): The computer program product as claimed in Claim 1, wherein said server machine is a Web application server machine.

Claim 8 (canceled)

Claim 9 (previously presented): The computer program product as claimed in Claim 7, wherein:

said computer-readable program code means for using said returned password or password substitute and said returned first user identifier to transparently complete said first sign-on further comprises:

computer-readable program code means for requesting by said first secure legacy host application, responsive to said computer-readable program code means for establishing said session, first sign-on information for said user; and

computer-readable program code means for responding to said request for first sign-on information by supplying, from said server machine to said first secure legacy host application, said returned user identifier and said returned password or password substitute.

Claim 10 (currently amended): A system for enabling a subsequent user sign-on during a certificate-based host access session, comprising:

means for processing a first sign-on during a secure session using a digital certificate, further comprising:

means for establishing said secure session from a client machine to a server machine using said digital certificate, wherein said digital certificate represents an identity of said client machine or a user thereof;

means for storing said digital certificate or a reference thereto at said server machine;

means for establishing a session from said server machine to a host system using a legacy host communication protocol, responsive to receiving, at said server machine, a first sign-on request from said client machine, wherein said first sign-on request identifies a first secure legacy host application to which said first sign-on is requested;

means for passing said stored digital certificate or said reference from said server machine to a host access security system;

means, operable in said host access security system, for authenticating said identity using said passed digital certificate or a retrieved certificate which is retrieved using said reference;

means, operable in said host access security system, for using said passed or retrieved digital certificate to locate access credentials for said user;

means, operable in said host access security system, for accessing a stored password or generating a password substitute representing said located credentials;

means, operable in said host access security system, for returning said stored password or generated password substitute to said server machine, along with a first user identifier corresponding to said located credentials;

means, operable in said server machine, for receiving a first sign-on message from said client machine, wherein said first sign-on message uses placeholder syntax, said placeholder syntax representing a user identification and a password of said user, wherein said user identification and said password are expected in said first sign-on message by said first secure legacy host application; and

means, operable in said server machine, for using said returned password or password substitute and said returned first user identifier to transparently complete said first sign-on, on behalf of said user of said client machine, to said first secure legacy host application executing at said host system by substituting said returned first user identifier and said returned password or password substitute for said placeholder syntax in said first sign-on message, thereby creating a revised first sign-on message, and forwarding said revised first sign-on message from said server machine to said first secure legacy host application; and

means for processing a subsequent sign-on of said user during said secure session using said digital certificate, further comprising:

means for receiving a subsequent sign-on request, at said server machine from said client machine, wherein: (1) said subsequent sign-on request identifies a second secure legacy host application to which said subsequent sign-on is requested; (2) said subsequent sign-on requires authenticating a requester of said subsequent sign-on; (3) said second secure legacy host application may be identical to said first secure legacy host application; and (4) said requester of said subsequent sign-on is said user;

means, operable at said server machine, for retrieving said stored digital certificate or reference;

means for passing said retrieved digital certificate or reference from said server machine to said host access security system;

means, operable in said host access security system, for re-authenticating said identity of said user, thereby authenticating said requester, using said passed retrieved digital certificate or retrieved reference;

means, operable in said host access security system, for using said passed retrieved digital certificate or retrieved reference to [[again]] re-locate said access credentials for said user;

means, operable in said host access security system, for re-accessing said stored password or generating a new password substitute representing said re-located credentials;

means, operable in said host access security system, for returning said re-accessed stored password or generated new password substitute to said server machine, along with said user identifier corresponding to said re-located credentials; and

means, operable in said server machine, for using said returned re-accessed password or new password substitute and said returned user identifier corresponding to said re-located credentials to transparently complete said subsequent sign-on, on behalf of said requester, to said second secure legacy host application executing at said host system.

Serial No. 09/619,205  Docket RSW9-2000-0035-US1

Claim 11 (currently amended): The system as claimed in Claim 10, wherein said digital certificate and said second digital certificate are is an X.509 certificates certificate and said digital certificate reference is a reference to an X.509 certificate.

Claim 12 (original): The system as claimed in Claim 10, wherein said communication protocol is a 3270 emulation protocol.

Claim 13 (original): The system as claimed in Claim 12, wherein said host access security system is a Resource Access Control Facility (RACF) system.

Claim 14 (original): The system as claimed in Claim 10, wherein said server machine is a Web application server machine.

Claim 15 (canceled)



Claim 16 (previously presented): The system as claimed in Claim 14, wherein:

said means for using said returned password or password substitute and said returned first user identifier to transparently complete said first sign-on further comprises:

means for requesting by said first secure legacy host application, responsive to said means for establishing said session, first sign-on information for said user; and

means for responding to said request for first sign-on information by supplying, from said server machine to said first secure legacy host application, said returned user identifier and said returned password or password substitute.

Claim 17 (currently amended): A method for enabling a subsequent user sign-on during a certificate-based host access session, comprising the steps of:

processing a first sign-on during a secure session using a digital certificate, further comprising the steps of:

establishing said secure session from a client machine to a server machine using said digital certificate, wherein said digital certificate represents an identity of said client machine or a user thereof;

storing said digital certificate or a reference thereto at said server machine;

establishing a session from said server machine to a host system using a legacy host communication protocol, responsive to receiving, at said server machine, a first sign-on request from said client machine, wherein said first sign-on request identifies a first secure legacy host application to which said first sign-on is requested;

passing said stored digital certificate or said reference from said server machine to a host access security system;

authenticating, by said host access security system, said identity using said passed digital certificate or a retrieved certificate which is retrieved using said reference;

using, by said host access security system, said passed or retrieved digital certificate to locate access credentials for said user;

accessing, by said host access security system, a stored password or generating a password substitute representing said located credentials;

returning, by said host access security system, said stored password or generated password substitute to said server machine, along with a first user identifier corresponding to said located credentials;

receiving, by said server machine, a first sign-on message from said client machine, wherein said first sign-on message uses placeholder syntax, said placeholder syntax representing a user identification and a password of said user, wherein said user identification and said password are expected in said first sign-on message by said first secure legacy host application; and

using, by said server machine, said returned password or password substitute and said returned first user identifier to transparently complete said first sign-on, on behalf of said user of said client machine, to said first secure legacy host application executing at said host system by substituting said returned first user identifier and said returned password or password substitute for said placeholder syntax in said first sign-on message, thereby creating a revised first sign-on message, and forwarding said revised first sign-on message from said server machine to said first secure legacy host application; and

processing a subsequent sign-on of said user during said secure session using said digital certificate, further comprising the steps of:

receiving a subsequent sign-on request, at said server machine from said client machine, wherein: (1) said subsequent sign-on request identifies a second secure legacy host application to which said subsequent sign-on is requested; (2) said subsequent sign-on requires authenticating a requester of said subsequent sign-on; (3) said second secure legacy host application may be identical to said first secure legacy host application; and (4) said requester of said subsequent sign-on is said user;

retrieving, by said server machine, said stored digital certificate or reference;

passing said retrieved digital certificate or reference from said server machine to said host access security system;

re-authenticating, by said host access security system, said identity of said user, thereby authenticating said requester, using said passed retrieved digital certificate or retrieved reference;

using, by said host access security system, said passed retrieved digital certificate or retrieved reference to [[again]] re-locate said access credentials for said user;

re-accessing, by said host access security system, said stored password or generating a new password substitute representing said re-located credentials;

returning, by said host access security system, said re-accessed stored password or generated new password substitute to said server machine, along with said user identifier corresponding to said re-located credentials; and

using, by said server machine, said returned re-accessed password or new password substitute and said returned user identifier corresponding to said re-located credentials to transparently complete said subsequent sign-on, on behalf of said requester, to said second secure legacy host application executing at said host system.

PAGE 12/32 * RCVD AT 9/10/2004 9:40:28 PM [Eastern Daylight Time] * SVR:USPTO-EFXRF-1/1 * DNIS:8729306 * CSID:2173553444 * DURATION (mm-ss):10-50

Claim 18 (currently amended): The method as claimed in Claim 17, wherein said digital certificate and said second digital certificate are is an X.509 certificates certificate and said digital certificate reference is a reference to an X.509 certificate.

Claim 19 (original): The method as claimed in Claim 17, wherein said communication protocol is a 3270 emulation protocol.

Claim 20 (original): The method as claimed in Claim 19, wherein said host access security system is a Resource Access Control Facility (RACF) system.

Claim 21 (original): The method as claimed in Claim 17, wherein said server machine is a Web application server machine.

Claim 22 (canceled)

Claim 23 (previously presented): The method as claimed in Claim 21, wherein:

said step of using said returned password or password substitute and said returned first user identifier to transparently complete said first sign-on further comprises the steps of:

requesting by said first secure legacy host application, responsive to said step of establishing said session, first sign-on information for said user; and

responding to said request for first sign-on information by supplying, from said server machine to said first secure legacy host application, said returned user identifier and said returned password or password substitute.

Claim 24 (currently amended): The computer program product as claimed in Claim 1, wherein:

said computer-readable program code means for processing said subsequent sign-on further comprises:

computer-readable program code means for requesting, by said second secure legacy host application, subsequent sign-on information for said requester; and

computer-readable program code means for responding to said request for subsequent sign-on information by sending a subsequent sign-on message with placeholders from said client machine to said server machine, said placeholders representing said user identification and said password of said user; and

said computer-readable program code means for using said returned re-accessed password or new password substitute and said returned user identifier corresponding to said re-located credentials to transparently complete said second sign-on further comprises:

computer-readable program code means for substituting said returned user identifier corresponding to said re-located credentials and said returned re-accessed password or new password substitute for said placeholders in said subsequent sign-on message, thereby creating a revised subsequent sign-on message; and

computer-readable program code means for forwarding said revised subsequent sign-on message from said server machine to said second [[sure]] secure legacy host application.

Claim 25 (previously presented): The computer program product as claimed in Claim 7, wherein said computer-readable program code means for processing said subsequent sign-on further comprises:

computer-readable program code means for requesting, by said second secure legacy host application, subsequent sign-on information for said requester; and

computer-readable program code means for responding to said request for subsequent sign-on information by supplying, from said server machine to said second secure legacy host application, said returned user identifier associated with said re-located credentials and said returned re-accessed password or new password substitute.

Claim 26 (currently amended): The system as claimed in Claim 10, wherein:

said means for processing said subsequent sign-on further comprises:

means for requesting, by said second secure legacy host application, subsequent sign-on information for said requester; and

means for responding to said request for subsequent sign-on information by sending a subsequent sign-on message with placeholders from said client machine to said server machine, said placeholders representing said user identification and said password of said user; and

said means for using said returned re-accessed password or new password substitute and said returned user identifier corresponding to said re-located credentials to transparently complete said second sign-on further comprises:

means for substituting said returned user identifier corresponding to said re-located credentials and said returned re-accessed password or new password substitute for said placeholders in said subsequent sign-on message, thereby creating a revised subsequent sign-on message; and

means for forwarding said revised subsequent sign-on message from said server machine to said second [[sure]] secure legacy host application.

Claim 27 (previously presented): The system as claimed in Claim 14, wherein said means for processing said subsequent sign-on further comprises:

means for requesting, by said second secure legacy host application, subsequent sign-on information for said requester; and

means for responding to said request for subsequent sign-on information by supplying, from said server machine to said second secure legacy host application, said returned user identifier associated with said re-located credentials and said returned re-accessed password or new password substitute.

Claim 28 (currently amended): The method as claimed in Claim 17, wherein:

said step of processing said subsequent sign-on further comprises the steps of:

requesting, by said second secure legacy host application, subsequent sign-on information for said requester; and

responding to said request for subsequent sign-on information by sending a subsequent sign-on message with placeholders from said client machine to said server machine, said placeholders representing said user identification and said password of said user; and

said step of using said returned re-accessed password or new password substitute and said returned user identifier corresponding to said re-located credentials to transparently complete said second sign-on further comprises the steps of:

substituting said returned user identifier corresponding to said re-located credentials and said returned re-accessed password or new password substitute for said placeholders in said subsequent sign-on message, thereby creating a revised subsequent sign-on message; and

forwarding said revised subsequent sign-on message from said server machine to said second [[sure]] secure legacy host application.

Claim 29 (previously presented): The method as claimed in Claim 21, wherein said step of processing said subsequent sign-on further comprises the steps of:

requesting, by said second secure legacy host application, subsequent sign-on information for said requester; and

responding to said request for subsequent sign-on information by supplying, from said server machine to said second secure legacy host application, said returned user identifier associated with said re-located credentials and said returned re-accessed password or new password substitute.

Claim 30 (currently amended): A computer-implemented method for enabling an identity to be subsequently provided during a certificate-based host access session, comprising steps of:

establishing a secure session between a client and a server using a digital certificate owned by a user of said client;

remembering said digital certificate at said server;

completing a first sign-on to a host application, by said server on behalf of said user, responsive to receiving an asynchronous sign-on request from said client that identifies said host application, further comprising the steps of:

using said remembered digital certificate to authenticate said user to a host access security component;

if said user is authenticated, locating, by said host access security component, access credentials of said user;

creating, by said host access security component, a passticket that represents said located access credentials;

returning said passticket from said host access security component to said server, along with a user identifier associated with said located access credentials; and

inserting, by said server, said passticket and said user identifier into a log-on message in place of placeholders therefor for a user password and said user identifier when said log-on message is received at said server from said client, thereby creating a revised log-on message, in a form expected by said host application, that is then sent from said server to sign said user on to said host application; and

completing a subsequent sign-on to a second host application, by said server on behalf of said user, responsive to receiving a second asynchronous sign-on request from said client that identifies said second host application, wherein said second host application may be identical to said host application, further comprising the steps of:

passing said remembered digital certificate from said server to said host access security component for authenticating said user for access to said second host application;

if said user is authenticated for access to said second host application, locating, by said host access security component, second access credentials of said user, wherein said second access credentials may be identical to said located access credentials;

creating, by said host access security component, a second passticket that represents said located second access credentials of said user;

returning said second passticket from said host access security component to said server, along with a second user identifier associated with said second located access credentials; and

inserting said returned second passticket and said returned second user identifier into a subsequent log-on message in place of placeholders for a second user password and said second user identifier, when said second log-on message is received at said server from said client, thereby creating a second revised log-on message, in said form expected by said second host application, that is then sent from said server to sign said user on to said second host application.

Claim 31 (new): A method of providing subsequent user identification during a secure session, comprising steps of:

upon receiving a first log-on message containing placeholder syntax from a client during a secure session, substituting therefor a user identifier and a first password substitute provided by a host access security system upon authentication of user credentials associated with the client and with a user thereof, thereby creating a revised first log-on message in a form expected by a first legacy host application, the first password substitute representing access privileges associated with the user credentials for the first legacy host application;

forwarding the revised first log-on message to the first legacy host application for completing a secure sign-on thereto;

upon receiving a second log-on message containing placeholder syntax from the client during the secure session, substituting therefor the user identifier and a second password substitute provided by the host access security system upon authentication of the user credentials associated with the client and with the user thereof, thereby creating a revised second log-on message in a form expected by a second legacy host application, the second password substitute representing access privileges associated with the user credentials for the second legacy host application, wherein the second legacy host application may be identical to the first legacy host application; and

forwarding the revised second log-on message to the second legacy host application for completing a secure sign-on thereto.
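
The following Python example is added here and is not part of the filing or of the applicant's code. It models the flow recited in Claims 30 and 31: the server keeps the session certificate, the host access security system maps it to a user identifier and issues a single-use password substitute per sign-on, and the server substitutes both for the placeholders before forwarding. The placeholder tokens, class and function names, the 600-second lifetime, and the random token standing in for a passticket are assumptions; this is not the RACF PassTicket algorithm.

```python
import hashlib
import secrets

USERID_PLACEHOLDER = "{{USERID}}"      # hypothetical placeholder syntax (assumption)
PASSWORD_PLACEHOLDER = "{{PASSWORD}}"  # hypothetical placeholder syntax (assumption)
SUBSTITUTE_LIFETIME = 600              # seconds a substitute stays valid (assumption)


class SignOnError(Exception):
    """Raised when a sign-on cannot be completed; nothing is forwarded to the host."""


def fingerprint(cert_der: bytes) -> str:
    """Identify a certificate by the SHA-256 digest of its encoded bytes."""
    return hashlib.sha256(cert_der).hexdigest()


class HostAccessSecuritySystem:
    """Stand-in for the claimed host access security system."""

    def __init__(self, cert_to_user, entitlements):
        self.cert_to_user = cert_to_user   # certificate fingerprint -> user identifier
        self.entitlements = entitlements   # user identifier -> set of applications
        self.issued = {}                   # (user, application, substitute) -> expiry

    def issue_substitute(self, cert_der, application, now):
        """Authenticate the identity, locate credentials, return (user, substitute)."""
        user = self.cert_to_user.get(fingerprint(cert_der))
        if user is None:
            raise SignOnError("certificate does not map to a known identity")
        if application not in self.entitlements.get(user, set()):
            raise SignOnError("no access credentials for this application")
        substitute = secrets.token_hex(4).upper()  # fresh value for every sign-on
        self.issued[(user, application, substitute)] = now + SUBSTITUTE_LIFETIME
        return user, substitute

    def redeem(self, user, application, substitute, now):
        """Host-side check: valid once, for one application, before expiry."""
        expiry = self.issued.pop((user, application, substitute), None)
        return expiry is not None and now <= expiry


class SignOnServer:
    """Stand-in for the server machine between the client and the legacy host."""

    def __init__(self, security_system):
        self.security = security_system
        self.session_certs = {}            # session id -> stored certificate

    def establish_session(self, session_id, cert_der):
        # Chain validation and proof of key possession are assumed to have been
        # done by the TLS handshake before the certificate is remembered.
        self.session_certs[session_id] = cert_der

    def complete_sign_on(self, session_id, application, logon_message, now):
        """Return the revised log-on message for forwarding to the host application."""
        cert_der = self.session_certs.get(session_id)
        if cert_der is None:
            raise SignOnError("no certificate stored for this session")
        # Fail closed: a message without exactly one of each placeholder is not
        # forwarded, so client-typed credentials never pass through this path.
        if (logon_message.count(USERID_PLACEHOLDER) != 1
                or logon_message.count(PASSWORD_PLACEHOLDER) != 1):
            raise SignOnError("log-on message must carry each placeholder exactly once")
        user, substitute = self.security.issue_substitute(cert_der, application, now)
        return (logon_message.replace(USERID_PLACEHOLDER, user)
                .replace(PASSWORD_PLACEHOLDER, substitute))


def demo():
    """First and subsequent sign-on in one session, using constructed sample data."""
    cert = b"constructed-sample-certificate-bytes"
    security = HostAccessSecuritySystem(
        {fingerprint(cert): "ALICE01"}, {"ALICE01": {"PAYROLL", "ORDERS"}})
    server = SignOnServer(security)
    server.establish_session("session-1", cert)
    template = "LOGON {{USERID}} {{PASSWORD}}"
    first = server.complete_sign_on("session-1", "PAYROLL", template, now=1000)
    second = server.complete_sign_on("session-1", "ORDERS", template, now=1100)
    return first, second


if __name__ == "__main__":
    for message in demo():
        print(message)
```

Because each substitute is bound to one user and one application and is consumed on first use, a captured revised log-on message cannot be replayed or reused against a different host application.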